Date: Wed, 19 Dec 2012 21:46:29 -0700 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) There doesn't seem to be a CVE for this issue. Could one be assigned? Thanks. A vulnerability was reported in Zend Framework versions prior to 1.11.15 and 1.12.1, which can be exploited to disclose certain sensitive information. This flaw is caused due to an error in the "Zend_Feed_Rss" and "Zend_Feed_Atom" classes of the "Zend_Feed" component, when processing XML data. It can be used to disclose the contents of certain local files by sending specially crafted XML data including external entity references. References: http://framework.zend.com/security/advisory/ZF2012-05 https://bugzilla.redhat.com/show_bug.cgi?id=889037 http://secunia.com/advisories/51583 -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.